Cyberwarfare & Cybersecurity

Cyberwarfare

And

Cyberterrorism

for

Mr. Terry Linkletter

Information Technology Instructor

Central Washington University

Ellensburg, Washington

By

Dan Coder

Andy Morrison

IT486 Critical Issues in Info Tech Students

Winter 2015

March 13, 2015

Contents Executive Summary ....................................................................................................................................... 1

Introduction .................................................................................................................................................. 2

Methodology ................................................................................................................................................. 3

Research Question .................................................................................................................................... 3

Data Sources ............................................................................................................................................. 3

Research Results ........................................................................................................................................... 4

What contributes to Americas vulnerability to cyberattack? .................................................................. 5

Technology Saturation .......................................................................................................................... 5

Outdated software patching and virus definitions ............................................................................... 6

Government and business pursuing different goals ............................................................................. 6

Decentralized responsibility of numerous systems .............................................................................. 7

Private-Public Sector Mistrust .............................................................................................................. 8

How Can Collaboration Make America Less Vulnerable? ......................................................................... 9

Protection by Collaboration .................................................................................................................. 9

Protection by Education ...................................................................................................................... 10

Discussion.................................................................................................................................................... 12

Conclusion and Recommendations ............................................................................................................ 12

References .................................................................................................................................................. 14

Appendix A - Notes ..................................................................................................................................... 16

Table of Figures

Figure 1 McAfee Labs Threats Report 2014 .................................................................................................. 5

Figure 2 Hackmageddon Top 10 Targets 2014 ............................................................................................. 9

1

Executive Summary

Cyberwarfare and cyberterrorism are perhaps the most pressing issues facing our world today. The

Internet has grown beyond its initial application and is being utilized in ways that were perhaps

inconceivable in its infancy. While the new technology has allowed for many breakthroughs and

conveniences, it has also grown more dangerous over time; dangerous to the point where it is the new

battlefield in the global warfare arena.

Technology applied in the Internet space in addition to the expanded address space facilitated by IPv6

allows addressing of theoretically 2128 unique locations (devices). This saturation of devices will present a

large pool of potential targets. In the current space of IPv4 (232) cyber is vulnerable as it is, the transition

to a greater address space, coupled with balkanization between private industry, utilities, and

government interests is a recipe for disaster. Complacent individual users and inattentive network

administrators contribute to a significant proportion of the exploits in cyber space. Decentralized

management of cyber security in the form of hoarding information, or simply failing to share

information undermines the network as a whole. If vulnerability is discovered yet not an immediate

business concern, or worse, leaving the competition to fend for it-self simply ignores the net citizenship

that is needed. This analysis intends, in addition, to address the issue of trust. Trust, as in any

relationship must be earned. The analysis suggests a mediating broker model, similar to the CDC model

that has nothing to gain aside from being a trusted voice, and subject matter expert.

America is extremely vulnerable and exposed in the realm of cyber security. With a culture over-

saturated with technology, many users are unable to keep up with the software patch updates and virus

definitions that are designed to make devices and computers more secure. The problem is greatly

amplified when these technology vulnerabilities are coupled with a private-public sector partnership

that is poisoned with politics and trust issues on both sides.

Too much is at stake to continue on this same path of pointing fingers about who is responsible;

effective collaboration must take place to help secure America from cyberattacks. The private and public

sectors must collaborate by sharing real time information about known threats and actively pursue

opportunities to build trust and establish a healthy, two-way partnership. A collaborative effort to

educate our country as a whole must take place as well. From average citizens to business leaders, all

must be educated on the cyber risks facing America today. All must understand how their role interlocks

with others to help make America less vulnerable to cyberattacks.

2

Introduction

The Internet is based on dependence on a current system that was not intended for the current

traffic and did not presuppose the business and industrial applications as they currently

manifest. Dr. Daniel Danny Hillis makes a compelling presentation1 on the early Internet

culture and its assumed limited application. The Internet and its current application were never

meant to support such an enormous superstructure, consequently the security vulnerabilities

were also not anticipated in its current scope. Dr. Hillis observation is compelling in light of the

concern over cyber security, cyber war and the potential aftermath. Dr. Hillis offers, What is

plan B?

Nation states are leveraging the Internet and cyber space to wage war on the new cyber battle

field. They are able to invade other nations cyber borders when they would never be able to

physically penetrate the border. The battle field is prepared on infrastructures across many

nations. This has created a cyber-arms race with weapons more devastating than conventional

weapons.

America is currently in a desperate and vulnerable place as it pertains to cyber security. It does

not help to simply reiterate all the prevalent problems facing our country; real solutions are

needed. The motivation of this analytical report is to explore the vulnerability of cyberattacks and

cyber-security, the road blocks that are keeping America vulnerable, as well as changes that

must be put into place to thwart devastating cyberattacks.

This reports primary and secondary questions are.

1. What contributes to Americas vulnerability to cyberattack?

a. Technology Saturation

b. Outdated software patching and virus definitions

c. Government and business pursuing different goals

d. Decentralized responsibility of numerous systems

e. Private-Public Sector Mistrust

2. How can collaboration make America less vulnerable?

a. Private-Public Sector Collaboration

b. Education

1 http://www.ted.com/talks/danny_hillis_the_internet_could_crash_we_need_a_plan_b#t-126221

3

Methodology The methodology applied to cyberattacks and cyber security analyses, based on findings, are

determined by the research question and secondary data sources. We, the authors, established

the criteria of this analysis based on questions and responses from classmates at Central

Washington University (CWU) cap stone class IT 486 Critical Issues in Info Tech, as well as

personal insight and, or, experience. Reference materials are selected based on credible

sources such as published authors, journals, and generally accepted technical websites relevant

to the analysis.

Research Question

The research questions developed from course (IT486) analysis of cyber threats in industrial

and financial sectors, furthermore, the secondary part of cyber vulnerabilities are addressed. In

addition to cyber vulnerabilities, this analysis investigates the current disparate approach to

solve an Internet community threat, potential repercussions, and a possible cooperation model.

The analyses intends to share with the audience past and current examples of exploitations,

forecasted exponential growth of Internet devices, and whether the current model is

sustainable.

Data Sources

The collection of source data is from Internet sources, print (books and journals) and discussion

board feedback. Sources referenced were the most informative on cyber security and cyber-

warfare available to the authors. Specific listings of sources are in the document reference

section.

The Internet research, specifically, the McAfee Labs Threat Report 2014 and Hackmageddon

2014 Cyber Attack Statistics are used for exhibit purposes. In addition texts, journals, and

Internet articles were sourced to compile this analysis. The following are some of the sources

utilized for background and argument purposes.

Peter W. Singer is a Strategist and Senior Fellow at the new America Foundation and

former Senior Fellow in Foreign Policy at the Brookings Institute. Dr. Alan Friedman is

currently a research scientist at the Cyber Security Policy and Research Institute at

George Washington University and formerly Research Director at the Center for

Technology Innovation. Both co-authored Cybersecurity and Cyberwar: What Everyone

Needs to Know (Oxford University Press, 2014)

4

Richard A. Clarke is currently an author. Previously Richard served in the White House

for ten years, serving three consecutive Presidents, and taught at Harvards Kennedy

School of Government. Robert K. Knake is an international affairs fellow at the Council

on Foreign Relations and co-author of Cyber War: The Next Threat to National Security

and What to Do About It (HarperCollins, 2010)

5

Research Results

What contributes to Americas vulnerability to cyberattack?

Technology Saturation

Over the past quarter century, personal computing and networking have grown like gold mining

towns throughout the western US during the mid-19th century. Everyone wanted, and still

wants, a piece of the action with little regard to long-term security, and financial consequences.

McAfee Labs 2015 Threats Prediction (2014, p. 7) illustrates the anticipated trend of growth of

Global Internet-Connected Devices.

Figure 1

Figure 1 McAfee Labs Threats Report 2014

The report states, These components and thus the devices themselves are not typically built

with security as a basic design principle. The increasingly vast deployment of IoT devices

combined with the lack of robust security represents a burgeoning threat to the privacy and

security of both individuals and companies. Currently the forward vision is connectivity of the

Internet of Everything (IoT), from the coffee maker, washing machine, dryer, refrigerator,

HVAC, to mobile phone and wearable technology in addition to the laptop, tablet, desktop,

servers, and mainframe serving thin clients. The list of devices is growing beyond the

mentioned technologies and is increasing in scope. Each vendor has the objective of distributing

product and feature rich content. Security and an overarching concern of compatible security

are not at the top of systems analysis concerns. Overseas manufacturing permit compromised

security of hardware devices as illustrated by manufacturers. For example every USB device has

a controller chip which can be reconfigured at the factory or reverse engineered. Karsten Nohl

and Jakob Lell demonstrated a reverse engineered device to do their bidding, they provided an

6

overview of the concept and provided a block diagram and explanation for the research at the

Blackhat2014 conference. A past TedTalk reviewed accessibility to Chinese manufacturing

facilities and compromised USB devices. The same principle of compromised USB controllers is

applicable to devices on the IoT. The concerns of device controllers such as 8051 controllers

(Intel MC51) will most likely propagate to the controllers used on IoT devices since uniformity

of technology with optional device configurations via firmware is a cost effective solution. The

concerns of a company selling a coffee maker, refrigerator, or thermostat manufacturer are not

the security of the device. History will likely reveal that our vulnerabilities have been largely

self-inflicted wounds much like poor testing of new drivers, patches, or other application

upgrades.

Outdated software patching and virus definitions

Users are often reluctant to patch software with historical failures that result from

upgrading/patching software and the subsequent incompatibilities that result. What was

supposed to be a fix for vulnerabilities is frequently an invitation for failure. An article in

zdnet.com illustrates an intended router patch that was intended to address multiple

vulnerabilities in the Internet Security Association and Key Management Protocol (ISAKMP) for

VPN (2005) use. Other reasons that users have, for not patching, are an absence of problems

and follow the model of If it aint broke dont fix it. An example is a recent Windows 7 update

(KB300439) (2014). One of the aspects of this faulty patch is that it may prevent successful

future updates. The same problems occur with virus definitions. Clearly, if vendors were

providing broken patches, why would the user want to subject themselves to such grief, trolling

forums, and other resources to attempt to fix the fix? Most users are just that that, users, they

want things to work and are not interested to learn the technology they are using. Steve Krug

addresses the user sentiment in regard to web page layout, but the same principle applies to

systems users. Steve Krugs book Dont Make Me Think Revisited A Common Sense Approach

to Web and Mobile Usability although focused on web design parallels the general public and

many systems administrators who dont want to put additional downtime and complexity into

using an everyday tool such as computers and web pages. Another disagreement of application

is in the camps of government and private enterprise, and although both play in separate

sandboxes, both use the same playground.

Government and business pursuing different goals Business and Government are at odds with another over privacy and security issues since the

Foreign Intelligence Surveillance Act FISA (1978 and later expanded) has reached into domestic

data, particularly egregious expansion since September 11, 2001 and the USA PATRIOT Act. The

FISA court is loaded with judges appointed by unelected individuals, issue warrants, and is

suspected of rubber-stamping nearly every National Security Agency [NSA] request to snoop

that it receives. (www.cnn.com, 2014) Currently businesses are securing their interests and the

7

interests of their subscribers as best they can, while government agencies and DOD protect

their interests. This failed model played out in pre-9/11 between law enforcement agencies as

well (local, federal, international) where the actors of the 9/11 attacks were known entities,

their profiles and behavior had been observed, but the pieces could not be put together since

each bureaucracy was serving its own immediate interests. Most recently, post Sony Hack

(2014)and finger pointing, the current administration is voicing concern of the disparate

management of cyber-security across agencies and business interests. President Obama

scheduled a meeting at Stanford University on February 13, 2015 which also happened to be

Friday the 13th, and was greeted by Apple, Google, Yahoo, Facebook, and other executives to

present an executive order PROMOTING PRIVATE SECTOR CYBERSECURITY INFORMATION

SHARING. (2015) Trust between government agencies, and private business interests are at an

all-time low since the Edward Snowden NSA document release in 2013. (MACASKILL & DANCE,

2013) The chasm between businesses that handle personal information and governments need

to track the bad guys is at this juncture unbridgeable. This observation was manifested in the

Stanford University meeting between the President, and the notable absence of many CEOs at

the Summit on Cyber Security and Consumer Protection. The executive order bypasses

repeated failed Cyber Intelligence Sharing and Protection Act (CISPA) attempts to pass the

Senate while the House of Representatives approved (Legislative sessions 112 and 113). The

votes in favor of CISPA fell along party lines and is reintroduced (not yet passed) as H.R. 234 in

the 114th Congress (2015). The final paragraph of the summary to H.R. 234 is Allows the

federal government to use shared cyber threat information followed by instances that are

well intended on the surface yet exploitable. The full text starts out with A Bill To provide for

the sharing of certain cyber threat intelligence and cyber threat information between the

intelligence community and cybersecurity entities, and for other purposes [italics added].

(Ruppersberger, 2015)

Decentralized responsibility of numerous systems

The lack of a cohesive multilateral agenda in cyber security has many critics, but few offer

starting points to solutions. The attempt at passing legislation on a subject as controversial in

terms of privacy is clearly inappropriate when there is absence of trust by the parties most

affected. This type of problem solving (or lack there-of) is a common thread throughout history.

According to Richard A. Clark responsibility for cyber security is based on the premise that

contends. The government thinks it is the responsibility of individual corporations to defend

themselves from cyber war. After all, they are right that no one in government would know

how to run a big banks network, or a railroads, or power grids (2010, p. 143) Richard Clark

references to cyber war as a military-like project. Looking for cold war deterrence and Mutually

Assured Destruction (MAD) models are not necessarily as relevant, or applicable in the case of

cyber-war, cyber-security, or cyber-commerce. As the Summit on Cyber Security and Consumer

8

Protection event illustrated to the outsiders looking in, there is discord between the interested

parties.

Admiral Michael Rogers NSA Director & U.S. Cyber Command Commander has national and

military security concerns. Industries, from Classic American Clothespins to General Electric,

Cisco, Adobe, and Boeing pursue their individual security solutions. There is no one industrial

spokesperson. Much less there is no advocate for securing the rest of the population at large

other than Kaspersky, Symantec, McAfee, MS Essentials and other home Small Business (SB)

Internet security companies. The current

Private-Public Sector Mistrust

It is not surprising there are trust issues exist between the private and public sectors. The

government has been accused of operating in secrecy and being one-sided, often demanding

information but not supplying it to the private sector. Likewise, patterns of government spying

demonstrate ill motives and continue to confirm why businesses should not share sensitive

customer data with government agencies.

Recently, the NSA is suspected of planting a Stuxnet-type virus on the firmware of possibly tens

of thousands of hard drives, including some made in the United States. The U.S. made drives

were shipped overseas allowing the NSA to spy on PCs in up to 30 countries (Whitney, 2015).

With the hard drive manufacturers adamantly denying they gave the NSA their source code, it is

apparent the NSA covertly compromised U.S. companies. This is a prime example of the

government operating in secrecy and undermining private sector trust.

On the other hand, private sector corporations are not always forthcoming and transparent

either. They are guarded for several reasons. First of all, any public news of a cyberattack could

lead to a loss of customers, revenue, and even the companys stock value. This does not mean

they do not take the compromise seriously; they will most likely handle the issue as quickly as

possible, but maybe without public disclosure if possible.

In instances where a business does publicly disclose a recent cyberattack, notification to the

customers and the specifics of the attack are often too late. These delays, along with the lack of

transparency, secrecy, and one-way relationship, all contribute to mistrust between the public

and private sectors. This mistrust is keeping America more vulnerable to cyberattacks by the

day.

While 2014 had a decrease in reported cyberattacks when compared to the prior year, the

variety of types of attacks and targets are cause for alarm. Hackmageddon statistics (Passeri,

2015) illustrates the Top 10 targets of cyberattack based on aggregated 2014 data of all

reported attacks.

9

Figure 2 Hackmageddon Top 10 Targets 2014

With government and private sector both hit hard by attacks, this further demonstrates the

critical state our nation is in. There is absolute urgency for collaboration. Given the fact that

some companies do not report cyberattacks or do not even know they were attacked, the

significance of this data is understated and even more alarming.

How Can Collaboration Make America Less Vulnerable?

Protection by Collaboration

Collaboration between public and private sectors is more critical now than ever before.

According to the Center on Law and Security (NYU School of Law), there are three pressing

cybersecurity issues facing America today that must be resolved.

1) Much of the nations critical cyber-infrastructure is owned by the private sector, vulnerabilities primarily reside on privately-owned networks, and most safeguards must be

implemented by the private sector; 2) Privately-owned and strategically significant intellectual property is the target of

cyber-theft, often by actors affiliated with nation-states; 3) A significant amount of threat information needed by the government to understand and mitigate cybersecurity risks resides with private companies.

10

The government absolutely needs the private sector to help secure our nations cyber

vulnerability. At the same time, businesses need the government to do what it can to help

prevent attacks, such as, but not limited to, using the threat of an offensive counter attack. To

put it simply; Americas security relies on both sectors working together in unity.

The key to private and public sector collaboration is to couple trust with timely transparency.

Trust typically happens over an extended period of time and with experience. Unfortunately,

America does not have an extended period of time in her vulnerable state to wait for trust to

build. However, there is plenty of cyber threats and activity taking place on a daily basis. Each

of these situations provides great opportunities for the government and businesses to

collaborate and share information.

Transparency is also essential in the private and public sector partnership. Businesses must

understand how they fit into the bigger picture of making America more defensible and less

vulnerable to cyberattacks.

InfraGard (Federal Bureau of Investigation) is an excellent example of how timely and

transparent information can prevent further attacks.

InfraGard is a partnership between the FBI and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S (InfraGard).

Even if the business chose not to disclose the attack to customers and stakeholders right away,

immediately notifying the FBI could potentially save many other businesses from suffering the

same fate. As businesses see the value of InfraGard and the FBI partnership, the barriers of

mistrust will fall down.

Protection by Education

Education is also essential in the quest to make America less vulnerable to cyberattacks. This

should be a two-fold process that addresses large and small scale education plans. This is an

effort to understand the big picture to know why changes should be implemented in homes

and offices. While some instances of National Security may prevent full disclosure of facts and

situations that could drastically help America grasp this topic, the government still has a role to

play in the education process.

11

For example, a large-scaled education plan should include raising an awareness of who our

enemies are and their general tactics. It is important for America as a whole to understand that

the new battle field is cyberspace. It is also essential to know that countries have already

prepared the battlefield (Clark, 2010, p. 197) in many of our critical infrastructure networks.

Just as the United States has sent military units to do recon missions in foreign countries, other

countries are doing reconnaissance on our critical infrastructures. They are searching out

vulnerabilities and waiting for their greatest opportunity to attack. An attack on any of these

infrastructures, such as the electrical grid or water system, would be devastating to our nation

and economy, most likely causing us to struggle for survival like a third world country.

Most people should be able to grasp the direness of the situation we are in. However, since

average citizens have no responsibility or way of protecting our infrastructure from

cyberattacks, there is a risk that people continue on the path of passivity and everyone does

nothing. This is why the micro-scaled education plan is important as well. This plan needs to

include education and practical steps that can be implemented in homes and small businesses

to build up our cyber defenses as a whole. .

Costco is a prime example of how it uses its influence to educate its enormous member base.

The monthly Costco Connection magazine includes a Tech Connection section that many times

has technology advice and best practices. The March 2015 edition (Saltzman, 2015, p. 19)

explains how viruses work, the high risks of using public hotspots without a VPN, and the extra

security involved for using two-step authentication that is required by some online businesses

today. By educating readers on the risks of technology and providing solutions for better

security, our nation as a whole will be more aware of vulnerabilities and become more secure

as we implement these critical changes. More businesses need to leverage their influence to

provide this invaluable knowledge.

12

Discussion

The root cause for the endless stream of patching and vulnerabilities is based on a product that

is developed quickly, with new features, and as cost effective as possible. Security concerns are

someone elses problem and not considered a business-client responsibility unless it damages

reputation or the bottom line. The device population is growing with the added catalyst of IPv6,

known vulnerabilities are ignored if they are not my problem in competitive industry, and the

military/government is not a trustworthy partner.

The public and private sectors need each other. At the same time, America as a whole depends

on the success of this partnership. With mistrust, differing agendas, and privacy concerns,

barriers have been built on the path to infrastructure security. Growth, balkanization of

interests, and distrust require a different approach from the current model of limited sharing of

vital information.

Conclusion and Recommendations

Peter Singer and Allan Friedman have a different approach to finding common ground and draw

similarities of pirates during the Golden Age of Piracy (2014, p. 177) Although pirates had

their moment in the sun, the damages to commerce and safe passage were too high for nations

affected and merchants agreed on bringing an end to the threat of piracy. According to Singer

and Friedmans historical assessment it took a two-pronged approach that went beyond just

shoring up defenses or threatening massive attack (which are too often talked about in

cybersecurity as the only options, again making false comparisons to the worst thinking of the

cold war). (2014, p. 178) One of the suggestions is the creation of an analogous entity to the

Center of Disease Control (CDC) regarding health threats. CDC is concerned with similar

terminology such as infections, viruses, or contagions. The CDC is largely seen as an

independent world clearing house of disease control, and in the best case, disease eradication.

The CDC cooperates with any nation that requests help in stemming the tide of infections that

threaten health. Singer and Friedman suggest to Reframe the Problem (and the Solution):

What Can We Learn from Public Health? (Cybersecurity And Cyberwar: What Everyone Needs

to Know, 2014, p. 173) The authors refer to the term resilience; Ralph Langner uses the term

Robustification. The main thrust the authors intend to address is culture change. We dont

occupy yesterdays space and our ideas should not be limited to the first reaction of threat,

instead build bridges, simplify, and generate willingness to look at past solutions in similar

circumstances, rather than applying the observation that if all you have is a hammer,

everything looks like a nail" (Abraham Maslow, Abraham Kaplan). Part of building bridges is

13

informing, training, and education from K-12 education. Adversaries are going to follow their

nature as a natural virus would; we need to understand the part individuals play in the digital

relationship.

Building bridges is a key to strengthening Americas resistance to cyberattack vulnerability. As it

stands now, there lacks a resolute willingness and urgency to bridge the chasm between the

private and public sectors. While partnership progress has been made through avenues such as

InfraGard and NYUs Center on Law and Security, it is imperative that more still be done. A

wide-spread education plan would raise the awareness needed and also present technical

know-how. Mobilizing the citizens to do their part while the private and public sectors do theirs

is the quickest way out of the challenge we face. If America does not act on this issue of cyber

vulnerability, Americas enemies certainly will.

14

References

Clark, R. A. (2010). Cyber War: The Next Threat to National Security and What to Do About It. New York,

NY: HarperColliins.

Executive Order -- Promoting Private Sector Cybersecurity Information Sharing. (2015, February 13).

Retrieved from http://www.whitehouse.gov/: http://www.whitehouse.gov/the-press-

office/2015/02/13/executive-order-promoting-private-sector-cybersecurity-information-shari

Federal Bureau of Investigation. (n.d.). About InfraGard. Retrieved from InfraGard Web site:

https://www.infragard.org/

MACASKILL, E., & DANCE, G. (2013, November 1). Snowden NSA Files Surveillance Revelations Decoded.

Retrieved from http://www.theguardian.com:

http://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa-files-surveillance-

revelations-decoded#section/1

McAfee Labs Threats Report November 2014. (2014, November 15). Retrieved from

http://www.mcafee.com: http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-

q3-2014.pdf

NYU School of Law. (n.d.). Public-Private Partnerships in National Security. Retrieved from The Center on

Law and Security: http://www.lawandsecurity.org/Programs/Public-Private-Partnerships-in-

National-Security

Passeri, P. (2015, January 13). Archive for the Cyber Attacks Statistics Category. Retrieved from

Hackmageddon.com: http://hackmageddon.com/category/security/cyber-attacks-statistics/

Ruppersberger, R. C. (2015, February 22). H.R.234 - Cyber Intelligence Sharing and Protection Act.

Retrieved from https://www.congress.gov: https://www.congress.gov/bill/114th-

congress/house-bill/234/text

Saltzman, M. (2015, March). Simple Steps for Better Security. Retrieved from The Costco Connection:

http://www.costcoconnection.com/connection/201503/u1=issues#pg22

Singer, P. W., & Friedman, A. (2014). Cybersecurity And Cyberwar: What Everyone Needs to Know. New

York, NY: Oxford University Press.

The Case for N. Koreas Role in Sony Hack. (2014, December 14). Retrieved from

http://krebsonsecurity.com: http://krebsonsecurity.com/2014/12/the-case-for-n-koreas-role-in-

sony-hack/

15

VPN flaws cause router patching nightmare. (2005, November 15). Retrieved from

http://www.zdnet.com: http://www.zdnet.com/article/vpn-flaws-cause-router-patching-

nightmare/

Whitney, L. (2015, February 17). NSA planted surveillance software on hard drives, report says. Retrieved

from CNET: http://www.cnet.com/news/nsa-planted-surveillance-software-on-hard-drives-

report/

Windows 7 users urged to uninstall broken update that wreaks havoc on software. (2014, December 12).

Retrieved from http://www.pcworld.com: http://www.pcworld.com/article/2859120/windows-

7-users-urged-to-uninstall-broken-update-that-wreaks-havoc-on-software.html

www.cnn.com. (2014, January 17). Retrieved from What is the FISA court?:

http://www.cnn.com/2014/01/17/politics/surveillance-court/

16

Appendix A - Notes Consulted websites:

http://www.economist.com/news/international/21567886-america-leading-way-developing-doctrines-

cyber-warfare-other-countries-may

http://www.usnews.com/opinion/blogs/world-report/2014/04/14/americas-Internet-infrastructure-is-

vulnerable-to-chinese-and-russian-hacking

http://www.trendmicro.ae/newsroom/pr/trend-micro-predicts-cyber-security-concerns-for--and-

beyond/

http://www.diplomaticourier.com/news/topics/security/2423-cybersecurity-the-Internet-of-things-and-

the-role-of-government

http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-

a-940994.html

https://www.eff.org/deeplinks/2015/02/russian-researchers-uncover-sophisticated-malware-equation-

group

https://www.yahoo.com/tech/s/exclusive-china-drops-leading-technology-brands-state-purchases-

130611327--finance.html

http://www.ted.com/talks/avi_rubin_all_your_devices_can_be_hacked#t-52077

What happens when the net is compromised?

http://www.ted.com/talks/danny_hillis_the_Internet_could_crash_we_need_a_plan_b#t-126221

Blackhat2014 compromising the USB controller chip to behave as a different device, instead of a storage

device.

https://www.youtube.com/watch?v=nuruzFqMgIw

USB Controller chips

http://www.maximintegrated.com/en/products/interface/controllers-expanders/MAX3420E.html

http://www.heritage.org/research/reports/2014/10/cyberattacks-on-us-companies-in-2014

http://www.sans.org/reading-room/whitepapers/auditing/art-reconnaissance-simple-

techniques-60

http://www.entrepreneur.com/article/225468

Cyberwarfare & Cybersecurity

Documents